Security
Case Trail stores legal records — pleadings, orders, counsel correspondence, recovery strategy. The minimum bar is the same as a corporate banking workspace. This page is a plain-English summary of what we do to clear it.
Effective 01 May 2026
01 Tenant isolation
Every customer (firm, institute, individual lawyer) is its own tenant. Object storage is partitioned per tenant — a firm’s upload goes to a bucket prefixed by that tenant’s ID and is never co-mingled with another customer’s data.
Server-side, every request is bound to a tenant ID before it touches storage or the AI Court Notebook. The vector index used for retrieval is keyed {tenant_id}:{case_id}, so the Notebook physically cannot return content from another tenant’s matter, regardless of how the prompt is constructed.
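A sketch of the keying scheme described above, added here as an illustration and not taken from Case Trail's code. The Session, VectorIndex, safe_part and namespace names, the in-memory store and the sample chunks are all assumptions made for the example.

```python
from dataclasses import dataclass


class TenantScopeError(Exception):
    """The request could not be bound to a valid tenant/case namespace."""


@dataclass(frozen=True)
class Session:
    # Hypothetical server-side session: tenant_id is set at login,
    # never read from the request body or the prompt.
    user_id: str
    tenant_id: str
    case_ids: frozenset


def safe_part(part: str) -> str:
    # Reject ':' and other separators so neither ID can smuggle a second
    # component into the "{tenant_id}:{case_id}" key.
    if not part or not part.replace("-", "").replace("_", "").isalnum():
        raise TenantScopeError(f"invalid identifier: {part!r}")
    return part


def namespace(session: Session, case_id: str) -> str:
    if case_id not in session.case_ids:
        raise TenantScopeError("case is not assigned to this session")
    return f"{safe_part(session.tenant_id)}:{safe_part(case_id)}"


class VectorIndex:
    """Toy in-memory stand-in for a vector store, one bucket per namespace."""

    def __init__(self):
        self._chunks = {}

    def add(self, session, case_id, chunk):
        self._chunks.setdefault(namespace(session, case_id), []).append(chunk)

    def search(self, session, case_id, query):
        # The bucket is chosen from the session; the query text only
        # filters inside that bucket, whatever it says.
        bucket = self._chunks.get(namespace(session, case_id), [])
        return [c for c in bucket if query.lower() in c.lower()]


# Constructed sample data: two tenants that both use the case ID "c1".
FIRM_A = Session("u1", "firm-a", frozenset({"c1"}))
FIRM_B = Session("u2", "firm-b", frozenset({"c1"}))
INDEX = VectorIndex()
INDEX.add(FIRM_A, "c1", "Recovery strategy memo for matter c1")
INDEX.add(FIRM_B, "c1", "Order dated 3 March in matter c1")
```

Because the lookup key is derived from the session and never from the query, a regression test for this control is a cross-tenant search that must come back empty.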
02 Encryption in transit and at rest
In transit: TLS 1.3 for all browser ↔ server and server ↔ storage / AI provider communication. Strict HSTS with one-year max-age, preload eligible.
At rest: AES-256 server-side encryption on the document vault. Database backups are encrypted with customer-isolated keys. Secrets and provider credentials are stored in a managed secret store, never in source.
03 Access control
For your team: Role-based access control with at least three roles (admin, member, view-only). Login requires User ID + password and an SMS OTP as second factor. Sessions expire after 60 minutes of inactivity.
For us: Production access is just-in-time and audited. Engineers do not have ambient access to customer data. Database queries against customer matters require an approved on-call ticket and are logged.
04 AI grounding & data handling
The AI Court Notebook is retrieval-augmented and citation-required. The model only sees document chunks you uploaded for the specific matter. Every assistant response carries a citation back to a source page; ungrounded claims are refused explicitly rather than hallucinated.
We do not train models on your matter files. Provider calls disable training where the provider supports an opt-out (Anthropic, Gemini). System prompts and reusable preambles are cached on the provider side; only your question varies per request.
05 Data residency
Document storage and primary databases run in India (ap-south). For institutes with stricter requirements (BFSI / govt) we support single-region deployment with no cross-border copy. Provider inference (Anthropic, Gemini) routes through the regional endpoints supported by each provider.
06 Audit logs
Every read or write to a matter file, every Notebook query, every counsel-spend approval is logged with actor, timestamp, and tenant ID. Logs are write-once and retained for at least one year (longer for institutes under regulatory retention requirements).
07 Incident response
Security incidents are triaged by an on-call engineer within 30 minutes of detection. Customers are notified within 72 hours of confirmation as required by DPDP, with a written report covering scope, root cause, and remediation.
Report a vulnerability: [email protected]. We respond within one business day and credit responsible disclosures.
08 Frameworks & alignment
We align our controls to ISO/IEC 27001 and SOC 2 Type II requirements. Certification roadmap:
- ISO/IEC 27001 — alignment in 2026, certification 2027.
- SOC 2 Type II — observation window opens 2026.
- DPDP (Digital Personal Data Protection Act 2023) — already aligned. See Privacy Policy.